Edit this page

7. Create and Issue Level of Assurance 3 Credential

This use case describes the process for creating and issuing a credential at Level of Assurance 3 (LOA3). A credential token meets LOA3 when it uses multiple factors for authentication (see Authentication Use Case), includes regular online checks that the credential is still valid, and includes strong cryptography.
LOA3 credentials can be either hardware or software tokens and are recognized as LOA3 strength when paired with identity proofing at LOA3 or LOA4.


Actors and Systems Key for Images Actors and Systems Key for Images

Pre-condition: An individual has the need for an LOA3 credential.

1. Request Issued A sponsor requests a credential for the individual.
Sponsor should be an official who can verify the individual’s need for a credential.
2. Request Approved The approval authority reviews the sponsor’s request. If the request is valid, it is approved.
3. Token Generated The CSP generates the credential token and assigns it to the individual.
Issuer could be a person or a system.
4. Token Delivered The CSP securely issues token to the individual.
Delivery could occur through encrypted email, secure mail, or an authorized in person issuer.
5. Token Activated The individual is prompted to activate the token and establish a memorized secret.
This will later be used to authenticate the individual. It is commonly a PIN or password.
6. Functionality Verified The individual verifies token functionality through a test system.

Post-condition: Individual has an activated LOA3 credential ready for use.

Click here for a consolidated image of this use case.